Forefront Client Security Troubleshooting: Installers

Forefront Client Security Troubleshooting: Installers

FCS uses the
Microsoft Software Installer (MSI) for most of its components. MSI is built into the operating system, and the file name (used both by system service and installer executive) isMSIEXEC.EXE. When
you run this program by itself in a command prompt, you’ll see the offering of parameters in a dialog box. It works primarily on files with an MSI extension, among others.

MSIEXEC has logging options that can be very useful when trying to troubleshoot installer issues. By appending ‘/l*v install.log’ to the
command line (or your log file name of choice), you will get fully verbose output. The switches are:

/l - specifies that a log file should be created.

* - specifies that all information should be logged (there are 12 other types of information that can be logged - * means log them
all, except for v and x <extra debugging information>).

(Additional note here: eliminating the quiet '/qn’ option allows you to see all user interfaces. It’s good to watch the installer
show its progress when troubleshooting an issue.)

So how do you interpret that log. Memorize this phrase:‘Return value 3’ (be sure to substitute for the language-specific
version of the phrase if you’re running on a non-English OS). Searching for this phrase in your log will generally pinpoint the cause of any major issue. Or, at least, it will put you near a section of the log where problems led up to this failure. This works
most of the time. Otherwise, patients will prevail here. Since all installer logs, however verbose, contain a similar set of internal ‘stages’, with experience you will gather a better feel for where the problem is rooted. Other phrases might come
in handy, such as ‘error’ or ‘fail’.

Also, for FCS, during server installation, be sure to check for any other logs that get populated under ‘…\Program Files\Microsoft
Forefront\...’, since these get embedded in deeper subdirectories depending on the subsystem being installed.